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Applicant: Gupta et ah G ™P Art Unit: 2143 APR 1 1.2005 

Filed: 7/27/2000 Examiner: Shin, Kyung H. 

Serial No.: 09/626,637 

Title; METHOD AND SYSTEM FOR AUTHENTICATION WHEN CERTIFICATION 
AUTHORITY PUBLIC AND PRIVATE KEYS EXPIRE 



Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 

BRIEF OF APPELLANT 

This Appeal Brief, pursuant to the Notice of Appeal filed September 9, 2004, is an 
appeal from the rejection of the Examiner dated August 1 1 , 2004. 

REAL PARTY IN INTEREST 
International Business Machines, Inc. is the real party in interest 

RELATED APPEALS AND INTERFERENCES 

None. 

STATUS OF CLAIMS 
Claims 1 -6 and 1 1 -19 are rejected. Claims 7-10 are canceled. This Brief is in support or 
an appeal from the rejection of claims 1-6 and 1 1 -19. 
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STATUS OF AMENDMENTS 
There arc no After-Final Amendments which have not been entered. 



SUMMARY OF CLAIMED SUBJECT MATTER 
The present invention discloses a method for enabling use by a browser of valid 
authentication certi ficatcs in relation to a transaction between the browser and a server when a 
private key and public key of a certifying authority of the server has expired, but the 
authentication certificates of any of the server or browser arc still valid. An original 
authentication certificate together with a server certifying authority chain (SCAC) certificate is 
received by the browser from the server during a SSL handshake between the browser and the 
server. The SCAC certificate was previously obtained by the server from the certifying authority. 
The browser verifies the original authentication certificate using the expired public key of the 
certifying authority. The browser verifies the SCAC certificate using a new public key of the 
certifying authority. See FIG. 1 (steps 1, 2, and 4) and specification, page 6, lines 9-10, 23-26; 
page 5, lines 5-10. 

After verifying the original authentication certificate and after said verifying the SCAC 
certificate, the browser accepts the transaction between the browser and the server. See FIG. 1 
(step 5) and specification, page 6, line 27 - page 7, line 2. 

The SCAC certificate may be obtained by the server whenever the certifying authority 
invalidates its public key, wherein the certificate is obtained by: contacting the certifying 
authority using the server's private key for authentication to make a request for the SCAC 
certificate; verifying the request by the certifying authority using the server's public key; and 
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generating the SCAC certificate by the certifying authority using a new private key ofthe 
certifying authority and forwarding the SCAC certificate to the server. Sec FIG. 2 and 
specification, page 7, lines 4-12. 

Generating the SCAC certificate may include authenticating the server name, the server 
public key, old certifying authority public key, and certifying aulhority name. Sec specification, 
page 4, lines 24-26, 

A client (CCAC) certificate maybe issued by the certifying authority, said CCAC 
certificate being functionally the same as the SCAC certificate subject to the roles ofthe browser 
and the server being interchanged. The CCAC certificate may be presented to the server during 
the handshake. Sec specification, page 7, lines 16-22. 

GROUNDS OF REJECTION TO BE REVIEWED ON APPEAL 

1. Claims 1,4-6, 11, 13, and 17-19 stand rejected under 35 U.S.C. § 102(e) as allegedly being 
anticipated by Lewis ct al. (U.S. Patent No. 6,233,565). 

2. Claims 2-3 and 14-16 stand rejected under 35 U.S.C. §103 (a) as allegedly being unpatentable 
over Lewis et al. (U.S. Patent No. 6,233,565) in view of Pcrlman et al. (U.S. Patent No. 
6,230,266). 
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ARGUMENT 



nt*o nN» of rejection i 

Claims 1,4-6, II, 13, and 17-19 stand rejected under 35 U.S.C. § 102(e) as allegedly 
being anlicipatcd by Lewis et al. (U.S. Patent No. 6,233,565). 

rinima l r 5-6. 12-13 . 17. nnd_l£ 

Appellants respectfully contend that Lewis does not anticipate claims 1, 6, and 13, 
because Lewis docs not teach each and every feature of claims 1, 6, and 13. For example, Lewis 
docs not teach the following first feature: "receiving an original authentication certificate 
together with a server certifying authority chain (SCAC) certificate by the browser from the 
server during a SSL handshake between the browser and the server, said SCAC certificate 
having heen previously obtained by the server from the certifying authority" (emphasis added) 
(claim 1), and similar language for claims 6 and 13. 

The Examiner argues that Lewis discloses the aforementioned first feature of claims 1, 6, 
and 1 3. The Examiner relies specifically on content disclosed in Lewis, col. 30, lines 39-41 . In 
response. Appellants respectfully contend that Ixwis discloses in col. 30, lines 30-50 that the 
Certificate Authority (CA) first sends an "initial CA certificate" to the server, and alter the old 
certificate has expired the Certificate Authority next sends a "new certificate" to the server. Thus 
il is clear that the "initial CA certificate" and the "new certificate" are notrcceived together as 
required by claims 1,6, and 13. but are instead received separately by the server. Specifically, 
Lewis recites in col. 30, lines 36-45: 
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-The initial CA's ccrlificatc will be distributed by means of regular US cerii ficd mail. 
Included with the CA's ccrtili cate will be a hash of the next certificate key values. When 
a certificate expires, the USPS certification authority will issue a new certificate and 

sign it with the old certificates matching private key. The USPS CA will send a new 
certificate signed with the CA's new private key to the server 4. The server 4 will validate 
the certificate for authenticity by first checking to ensure that the new CA certificates 
public key authenticates the included signature." (emphasis added) 

The preceding quote from Lewis discloses that "initial CA certificate" and the "new certificate- 
are received separately rather than together. 

Also with respect to said first feature of claims 1. 6, and 1 3, the preceding quote from 
Lewis states that the old certificate and the now certificate arc not received by the browser from 
the server as required by claims 1 , 6, and 13, but no instead received by the server from the 

Certificate Authority. 

Applicants assert that Lewis not disclose anywhere that the browser receives the old 
certificate and the new certificate together from the server during a SSL handshake. 

In addition, Lewis does not teach the following second feature: "verifying by the browser 
the original authentication certificate using the expired public key of the certifying authority" 
(emphasis added) (claim I), and similar language for claims 6 and 13. The Examiner argues that 
Lewis discloses the aforementioned second feature of claims 1,6, and 13. The Examiner relics 
specifically on content disclosed in Lewis, col. 14, lines 36-42 and col. 30, lines 41 -43. In 
response. Appellants respectfully contend that Lewis col. 1 4, lines 36-42 docs not discuss 
verification of a certificate and is therefore totally irrelevant to aforementioned second feature of 
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claims 1, 6, and 13. 

Furthermore, Appellants respectfully contend that Lewis col. 30, lines 41-43 states 
specifically mat "[t]he USPS CA will send a new certificate signed with the CA's new private 
key to the server" which docs not even mention an expired public key. The preceding second 
feature requires verification by the browser using the expired public key of the certifying 
authority, which Lewis does not leach. Although J^cwis discloses in col. 27, lines 1 0-24 that a 
user may verify mi X.509 certificate using a CA's public key, Lewis docs not teach anywhere that 
the browser verifies the X.509 certificate using a public key after the public key has expired as 

required by claims 1, 6, and 13. 

Based on tbo preceding arguments, Appellants respectfully maintain that Lewis docs not 
anticipate claims 1, 6, and 13. Since claims 5 and 12 depend from claim 1, Appellants contend 
that chums 5 and 12 arc likewise in condition for allowance. Since claims 17 and 1 9 depend 
from claim 13, Appellants contend that claims 1 7 and 1 9 are likewise in condition for allowance. 

Claim 4 

Since claim 4 depends from claim 1 , which Appellants have argued supra to not be 
anticipated by Lewis, Applicants maintain that claim 4 is likewise not anticipated by Lewis. 

Hi addition with respect to claim 4, Appellants maintain that Lewis docs not teach the 
feature: "issuing by the certifying authority a client (CCAC) certificate, said CCAC certificate 
being functionally the same as the SCAC certificate subject to the roles of the browser aad the 
server being interchanged-. The Examiner argues that Lewis, col. 31, lines 30-38 teaches the 
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preceding feature of claim 4. 

In response, Appellants maintain that Lewis, col. 31, lines 30-38 does not teach the 
preceding feature of claim 4, because Lewis, col. 31, lines 30-38 recites: "The cryptographic 
module 1 4 will retrieve the appropriate values from the SQL master database 305 and fill in the 
remaining values. The result is then signed with the client's private indicium key. The actual 
indicium 74 is the concatenation of data and the digital signature. Because of the presence of the 
client's certificate (which was signed by the USPS CA) the indicium 74 can be easily verified for 
authenticity by using the public key embedded in the client's 2 indicium ccrti ficate. " 

Applicant's note that the indicia 74 appearing in the Examiner's citation of Lewis, col. 
31, lines 30-38 is nothing more than a virtual postage stamp whieh does not relate to the 
preceding feature of claim 4. Lewis col. 12, lines 55-59 (This virtual postage stamp is referred 
to as an "intelligent indicia 74" or more simply "indicia 74" and is evidence of payment for the 
postage that is locally printed and directly applied onto envelopes or labels via a printer ...."). 



Claim s 11 .and 18 

Since claims 11 and 1 8 respectively depend from claims 1 and 13, which Appellants have 
argued supra to not be anticipated by Lewis, Applicants maintain that claims 1 1 and 18 arc 
likewise not anticipated by Lewis. 

In addition with respect to claims 1 1 and 1 8, Appellants maintain that Lewis docs not 
teach the feature: "accepting the transaction by the browser after said verifying the original 
authentication certificate and after said verifying the SCAC certificate" (claim 11), and similar 
language for claim 18. The Examiner argues that Lewis, col. 27, lines 10-24 teaches the 
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In response, Appellants maintain that Lewis, col. 27, lines 10-24 teaches that a nser "A" 
may accept a transaction after verifying an authentication certificate, but docs not teach that the 
"A" would accept a transaction after verifying both the original authentication certificate 



user 

and the SCAC certificate 



8 
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r.ftOlIN D OF RMC1IQN1 

Claims 2-3 and 14-16 stand rejected under 35 U.S.C. §l03(a) as allegedly being 
unpatentable over Lewis et ri. (U.S. Patent No. 6,233,565) in view of Perlman ct al. (U.S. 
No. 6,230,266). 



Qlnjm g 2 and 14 

Since claims 2 and 14 respectively depend from claims \ and 13, which Applicants have 
argued s W ra to not be anticipated by Lewis under 35 U.S.C. § 102(c), Applicants mainlain that 
claims 2 and 14 are not unpatentable over Lewis in view of Pcrlman under 35 U.S.C. §l03(a). 

In addition with respect lo claims 2 and 14, Appellants maintain that Lewis in view of 
Pcrlman does or suggest not teach the following first feature: "wherein the SCAC certificate is 
obtained by the server whenever the certifying authority invalidates its public key". The 
Examiner argues that claim 1 of Pcrlman discloses the preceding fu st feature of claim 2. 

In response, Appellants maintain that claim 1 of Perlman recites text relating to a first 
revocation server being compromised, but does not recite anything relating to the certifying 
authority invalidating its public key. hi fact, the phrase "public key" does not even appear in 
claim 1 of Perlman. Therefore, the Examiner has not established * prima facie case of 
obviousness in relation lo claims 2 and 14. 

In addition with respect lo claims 2 and 14, Appellants maintain that Lewis in view of 
Pcrlman does not teach or suggest the second feature: "contacting the certifying authority using 
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the server's private key for authentication to make a request for flic SCAC certificate" (claim 2) 
(emphasis added). and similar language for claim 14. The Examiner argues that Perlman, col. 6, 
line 63 - col. 7, line 6 discloses the preceding second feature of claims 2 and 14. 

In response, Appellants maintain that Perlman, col. 6, line 63 - col. 7, line 6 does not 
disclose "to make a request for the SCAC certificate", as alleged by the Examiner. Indeed, 
Perlman, col. 6, line 63 - col. 7, line 8 recites: 

"In order to update the certificates previously issued by certificate authorities 204c so as 
lo ensure that principals relying upon such certificates now recognize the validity of 
certificates (including the special delegation ccrti ficate) issued by the successor CA 204b, 
CA 204a may Issue, via secure off-line techniques, to certificate authorities 204c a 
"renunciation" certificate 600 (the data structure of which is represented in FIG. 6) 
signed using the private key of the CA 204a including information 602 slating that (he 
CA 204a has renounced all of its certification authority (i.e., power to issue certificates), 
and has granted that authority to the CA 204b" (emphasis added). 

Thus, Perlman, col. 6, line 63 - col. 7, line 6 discloses issuing a renunciation certificate and most 
certainly does not disclose requesting the SCAC certificate. In other words, "requesting" and 
"issuing" are different actions. Moreover, a renunciation certificate is not a SCAC certificate. 

In addition with respect to claims 2 and 14, Appellants maintain that Lewis in view of 
Perlman does not teach or suggest the third feature: "verifying the request by the certifying 
authority using the server's public key" (claim 2), and similar language for claim 14. The 
Examiner argues that Perlman, col. 7, lines 15-18 discloses the preceding third feature of claims 
2 and 14. 
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Tn response, Appellants maintain that Perlman, col. 7, lines 1 5-18 docs not disclose "to 
make a request for the SCAC certificate", as alleged by the Examiner. Indeed, Perlman, col. 7, 
lines 15-18 recite: 'The authorities 204c receiving such renunciation certificates from CA 204a 
verify that the renunciation certificates have been properly si gned by the CA 204a". Appellants 
contend that the preceding quote of Perlman discloses verifying that the renunciation certificates 
have been properly signed by the CA, but docs not disclose verifying the requesl by the certifying 
authority using the server's public key, as required by claims 2 and 14. 

In addition with respect to claims 2 and 14, Appellants maintain that Lewis in view of 
Perlman does not teach or suggest the fourth feature: "generating the SCAC certificate by the 
certifying authority using a new private key of the certifying authority and forwarding the 
SCAC certificate to the server" (claim 2) (emphasis added), and similar language for claim 14. 
The Examiner argues that Perlman, col. 7. lines 12-24 discloses the preceding fourth feature of 
claims 2 and 14. 

In response, Appellants maintain that Perlman, col. 7. lines 12-24 does not disclose 
"forwarding the SCAC certificate to the server" as alleged by the Examiner and as required by 

claims 2 and 14. 

In addition, Appellants contend that the Examiner's reason for modifying Lewis by the 
alleged teaching of Perlman is not persuasive. The Examiner argues: "Ji would have been 
obvious to one of ordinary skill in the art at the time of the invention to modify the inventions of 
Lewis to include a Certificate Authority (CA) that invalidates its key pair through the process of 
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revocation as taught in Perlman. One of ordinary skill in the art would have been motivated to 
incorporate the invention of Perlman in order to ensure the authenticity of certificates when a CA 
invalidates a public/private key pair due to a compromise in security, (see Perlman col. 2, lines 
20-26: "For complete network security, wery principal must have a certificate. Sometimes, 
however, if is desirable to later disable a certificate after it has been issued but prior to its 
expiration. For example, a principal's private Icey may be stolen, compromised or lost, etc. 
Under such circumstances, it is desirable to revoke the certificate, thereby disabling 
authentication via that certificate.'T (emphasis added).. 

In response, Appellants maintain that the cited motivation in Perlman requires revocation 
of the original certificate prior to expiration of the original certificate. However, with respect to 
claims 1 and 13 from which claims 2 and 1 4 respectively depend, the Examiner cites Lewis, col. 
30, lines 39-43 which requires that a condition precedent for issuance of the new certificate 
(alleged by the Examiner to be the SCAC certificate) is that the original certificate expires. See 
Uwis, col. 30, lines 39-43 ("When a certificate expires, the USPS certification authority will 
issue a new certificate ..." (emphasis added)). 

Appellants contend that ordinary logic requires that the original certificate cither have 
expired or not have expired (but not both) when the new certificate is issued by the CA. In other 
words, the Examiner is arguing to modi fy Lewis by the alleged teaching of Perlman by issuing 
the new certificate when the original certificate has both expired and not expired, which is 
logically impossible. Therefore, the Examiner's argument for modifying Lewis by the alleged 
teaching of Perlman is not persuasive. 
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Mnims 3 and 15 

Since claims 3 and 1 5 respectively depend from claims 1 and 13, which Applicants have 
argued supra to not bo anticipated by Lewi, under 35 U.S.C. §102(e), Applicants maintain that 
claims 3 and 15 arc not unpatentable over Lewis in view of Perlman under 35 U.S.C. 8103(a). 

in addition with respect to claims 3 and 15, Appellants maintain that L«wis in view of 
Perlman docs not teach or suggest the following feature: "wherein generating the SCAC 
certificate includes authenticating the server name, the server public key, old certifying authority 
public key, and certifying authority name" (emphasis added) (claim 3), and similar language for 
claim 1 5. The Examiner argues that Perlman, col. 7, lines 10-1 2 disclose the preceding feature of 
claims 3 and 15- 

in response, Appellants maintain that Perlman, col. 7, lines 10-12 docs not disclose 
authenticating all four items (the server name, the server public key, old certifying authority 
public key, and certifying authority name) listed in clams 3 and 15. In fact, Perlman, col. 7, lines 
, 042 recites: "Additionally, in system 200, the new CA 204b is configured to issue certificates 
in the nine name as the CA 204a", which is not a disclosure of authenticating all four items (the 
server name, the server public key, old certifying authority public key, and certi lying authority 
iinrno). 

Claim 16 

Since claim 1 6 depends from claim 1 3, which Applicants have argued supra to not be 
anticipated by Lewis under 35 U.S.C. § 102(c), Applicants maintain that claim 16 is not 
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In addition with respect to claim 1 6, Appellants maintain that Lewis in view of Pcdmaa 
does not teach or suggest the following feature: "means for issuin E by the certifying authority a 
clienKCCAC) certificate, said CCAC ccrti ficate being functionally the same as the SCAC 
certificate subject to the roles of the browser arid the server being interchanged" (emphasis 
added). The Examiner argues that Lewis, eol. 30, lines 59-62 disclose the preceding feature of 
claim 16. 

in response, Appellants maintain that Lewis, col. 30, lines 59-62 does not disclose the 
preceding feature of claim 16, because Lewis, col. 30, lines 59-62 recites: "The USPS will 
generate the certificates and send them to the serve- 4, which will verify the certificate* source 
and store it in a SQL master database 305." Appellants contend that Lewis, col. 30, Unas 59-62 
does not relate to the preceding feature of claim 1 6. 
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SUMMARY 

Tn summary, Appellant respectfully requests reversal of the August 1 1, 2004 Office 
Action rejcclton of claims 1-6 and 11-19. 



Dated: {>V"A p,r 

Schmciser, Olscn & Walls 
3 Ixar Jet Lane - Suite 201 
Latham, New York 121 10 
(518) 220-1850 



Respectfully submitted, 

Jack P. Friedman 
Attorney For Appellant 
Registration No. 44,688 



15 



09/626,637 



PAGE 17/24 ' RCVD AT 4/1 1/2005 10:02:07 AM [Eastern Daylight Time] * SVR:USPT0#XRM/1 » DNIS.8729306 • CSID: * DURATION (mm-$s):05-34 



APR- 11-05 HON 09:27 AM 



FAX NO. 



P. 18 



Docket No. JP920000150US1 

IN T1IK UNITED STATES PATENT AND TRADEMARK OFFICE RECEIVED 
y , r la<? , . Group Art Unit: 2143 ©^mXGEWiPi 

SSSSr Shm,KyungIL APR i I 2005 

Titlc^° METWU3D^.ND SYSTEM FOR AUTHENTICATION WHEN 
g^Tggg,^ * ^n B .TV PUBLIC AND PRIVATE KEYS EXPIRE 

Commissioner for Patents 

P.O. Box 1450 
Alexandria, VA 22313-1450 

APPENDIX A - CLAIMS ON APPEAL 
1. A method for enabling use by a browser of valid authentication certificates in relation to a 
transaction between the browser and a server when a private key and public key of a certifying 
authority of the server has expired, comprising: 

receiving an original authentication certificate together with a server certifying authority 
chain (SCAC) certificate by the browser from the server during a SSL handshake between the 
browser and the server, said SCAC certificate having been previously obtained by the server 

from the certifying authority; 

verifying by the browser the original authentication certificate using the expired public 

key of the certifying authority, and 

verifying by the browser the SCAC certificate using a new public key of the certifying 

authority. 

2. The method of claim 1, wherein the SCAC certificate is obtained by the sewer whenever the 
certifying authority invalidates its public key, wherein the certificate is obtained by. 
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contacting the certifying authority using the server's private key for authentication to 

make a request for the SCAC certificate; 

verifying the request by the certifying authority using the server' s public key; and 
generating the SCAC certificate by the certifying authority using a new private key of the 

certifying authority and forwarding the SCAC certificate to the server. 

3. The method of claim 2 wherein generating the SCAC certificate includes authenticating the 
server name, the sever public key, old certifying authority public key, and certifying authority 

name. 

4. The method of claim 1, further comprising issuing by the certifying authority a client (CCAC) 
certificate, said CCAC certificate being functionally the same as the SCAC certificate subject to 
the roles of the browser and the server being interchanged. 

5. The method of claim t. wherein the method further comprises presenting the CCAC 
certificate to the server during the handshake. 

6. in an arrangement of networked server and browser systems conducting secure transactions 
and including a certifying authority for authenticating such transactions, charactered in that it 
includes a means for authenticating transactions when the public and pri vate key of the said 
certifying authority have expired but the authentication certificates of any of server or browser 
systems is still valid, comprising: 
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means for the server to obtain a certifying authority chain certificate using the now private 

key of the certifying authority, 

means for presenting .he said certifying authority chain ccrti fteate together with the 

original authentication certificate, to the browser, 

means for verifying the original authentication certificate using the expired public key of 
the certifying authority, and verifying the certifying autl,ority chain ccrti fteate using the new 
certifying authority public key by the browser. 

1 1 . The method of claim 1, further comprise accepting the transaction by the browser after said 
verifying the original authentication certificate and after said verifying the SCAC certificate. 

12. The method of claim 1, wherein obtaining the SCAC certificate comprise., using the new 

private koy of the certifying authority. 

13. A system for enabling use by a browser of valid authentication certificates in relation to a 
taction between the browser and a server when a private key art public key of a certifying 
authority of the server has expired, comprising: 

means for receiving an original authentication certificate together with a server certifying 
authority chain (SCAC) certificate by the browser from the server during a SSL handshake 
between the browser and the server, said SCAC certificate having been previously obtained by 
the server from the certifying authority; 

means for verifying by the browser the original authentication certificate using the 
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expired public key of the certifying authority, and 

means for verifying by the browser the SCAC certificate using a new public key of the 

certifying authority. 

14. The system of claim 13, wherein the SCAC certificate is obtained by the server whenever the 
certi fying authority invalidates its public key, wherein the certi Cicate is obtained by: 

moan, for contacting the certifying authority using the server's private key for 
authentication to make a request for the SCAC certificate; 

and 

means for derating *. SCAC certificate by .he certifying authority using a new 
private key of the certifying authority and forwarding the SCAC certificate to the serve, 

15. The sys.cn, of ciaim 13, wherein said means for generating the SCAC ccrtincate includes 
means for authenticating the server name, the server pubiicKey, oid certifying authority public 
key, and certifying authority name. 

,6. The system of claim 15, further comprising means for issuingby the certifying authority a 
chent(CCAC) certificate said CCAC certificate being functionally the same as the SCAC 
eertificatc subject to the roles of the browser and the server being interchanged. 

17. The system of claim 13. wherein the system further comprises moan, for presenting the 
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CCAC ccrti ficalc to the server daring the handshake. 



18. The system of claim 13, further comprising means for accepting the transaction by the 
browser in conation with said means for veri fying the original authentication certificate and in 
conjunction with said means for verifying the SCAC certificate. 

, 9. The system of claim 13, wherein said means for obtaining** SCAC certificate conges 
use of the new private key of the certifying authority. 
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APPENDIX B - EVIDENCE 
There is no evidence entered by the Examiner and relied upon by Appellants in this 

appeal. 
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APPENDIX C - RELATED PROCEEDINGS 

Then, are no proceeding, identified in the "Related Appeals and interferences" section. 
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